---------- Forwarded message ----------
From: Mark S. Miller <erights@google.com>
Date: Tue, Nov 16, 2010 at 3:44 PM
Subject: "Future of Javascript" doc from our internal "JavaScript Summit"
last week
To: javascript-standard@google.com
Proving ownership of | |
- paulmillr.com/pgp_proof.txt via paulmillr.com/pgp_proof.txt.asc | |
- twitter.com/paulmillr | |
- github.com/paulmillr via gist.github.com/paulmillr/cb3ad3b9cd4ac849eb1def3634f93421 | |
- Active key: Paul Miller (PGP 697079DA6878B89B) from 3 Jul 2022 | |
- Revoked key: Paul Miller (PGP 46BEEF337A641ABB) was active from 15 Apr 2020 to 2 Jul 2022 | |
Full pubkey: |
const rotlHs = (h: string, l: string, s: number) => | |
s > 32 ? `(${l} << ${s - 32}) | (${h} >>> ${64 - s})` : `(${h} << ${s}) | (${l} >>> ${32 - s})`; | |
const rotlLs = (h: string, l: string, s: number) => | |
s > 32 ? `(${h} << ${s - 32}) | (${l} >>> ${64 - s})` : `(${l} << ${s}) | (${h} >>> ${32 - s})`; | |
export const keccakP = (() => { | |
let out = 'let h, l, s = state;\n'; | |
const vars = []; | |
for (let i = 0; i < 200 / 4; i++) vars.push(`s${i} = s[${i}]`); | |
out += `let ${vars.join(', ')};\n`; |
# Algorithm W (Damas-Hindley-Milner) in LiveScript. | |
# By Paul Miller (paulmillr.com), Public domain. | |
# | |
# Based on Robert Smallshire's [Python code](http://bit.ly/bbVmmX). | |
# Which is based on Andrew's [Scala code](http://bit.ly/aztXwD). | |
# Which is based on Nikita Borisov's [Perl code](http://bit.ly/myq3uA). | |
# Which is based on Luca Cardelli's [Modula-2 code](http://bit.ly/Hjpvb). | |
# Something like that. | |
prelude = require './prelude' |
multiplyAndAddUnsafe(Q: ProjectivePoint, a: bigint, b: bigint): ProjectivePoint | undefined { | |
// R=R*2+P //bits from a,b = 1,0 | |
// R=R*2 //bits from a,b = 0,0 | |
// R=R*2+Q //bits from a,b = 0,1 | |
// R=R*2+P+Q //bits from a,b = 1,1 | |
const G: ProjectivePoint = this; | |
const spl = (a: bigint) => a.toString(2).padStart(max, '0').split('').map(i => Number(i)); | |
const max = Math.max(ut.bitLen(a), ut.bitLen(b)); | |
const aBits = spl(a); | |
const bBits = spl(b); |
function jacobi(a, n) { | |
if (n <= 0n) throw new Error('n must be positive integer'); | |
if (n % 2n === 0n) throw new Error('n must be odd'); | |
a %= n; | |
let result = 1; | |
while (a !== 0n) { | |
while (a % 2n === 0n) { | |
a /= 2n; | |
let n_mod_8 = n % 8n; | |
if (n_mod_8 === 3n || n_mod_8 === 5n) { |
---------- Forwarded message ----------
From: Mark S. Miller <erights@google.com>
Date: Tue, Nov 16, 2010 at 3:44 PM
Subject: "Future of Javascript" doc from our internal "JavaScript Summit"
last week
To: javascript-standard@google.com
import { secp256k1 } from '@noble/curves/secp256k1'; | |
import elliptic from 'elliptic'; | |
import { mark } from 'micro-bmark'; | |
const EC = elliptic.ec; | |
(async () => { | |
var ec = new EC('secp256k1'); | |
const a = '0000000000000000000000000000000000000000000000000000000000000003'; | |
const b = '3000000000000000000000000000000000000000000000000000000000000000'; |
Metamask uses noble for low-level cryptography operations, such as signature creation. The audit path as per Sep 2023, where every item is name of NPM package:
flowchart TD;
MM[metamask-extension] -->|imports KeyringController| MMKC["@metamask/keyring-controller"];
MMKC -->|imports HDKeyring| MMHD["@metamask/eth-hd-keyring"];
MMKC -->|imports SimpleKeyring| MMSK["@metamask/eth-simple-keyring"];
Hal Finney's explanation of secp256k1 "efficiently computable endomorphism" parameters used secp256k1 libraries, archived from source.
The same optimization could be applied to any Koblitz curve (e.g. Short Weistrass curve with a=0).
I implemented an optimized ECDSA verify for the secp256k1 curve, based on pages 125-129 of the Guide to Elliptic Curve Cryptography, by Hankerson, Menezes and Vanstone. I own the book but I also found a PDF on a Russian site which is more convenient.
secp256k1 uses the following prime for its x and y coordinates:
for (let step = 0; step < 64)
, but instead, you’re writing every iteration step-by-step. Which incr